From 26 to 30 March will take place in the city of Manizales, Colombia, the ACK Security Conference, a conference of leading IT Security in Latin America.

The event will be separated into two parts, on 26 and 27 Trainings will be taught a full day, and from 28 to 30 will involve lectures of 90 minutes.

I was invited by the organizers of the event to give a talk and two trainings, so I will be visiting this beautiful country soon, participating in this spectacular event

The talks will include:

• Finding and exploiting vulnerabilities in modems (Peter "HKM" Joaquin)
• Reversing Malware Are we safe with Antivirus? (Alfonso Deluque)
• Hacking with Facebook (Matias Katz)
• In the Path of VoIP (Giovanni Cruz Forero)
• OWASP Top 10 Web Sites Vs Colombia & Top 500 most used passwords in Colombia (David Moreno)
• Computer as a Tool to Support Forensic computer crime (Alvaro Andrade Sejas)
• Web applications under the Microscope (Alvaro Andrade Sejas)
• Adventures and misadventures Malware Analysis (Sebastian Bortnik)
• Lockpick Village (Deviant Ollam)
• Reversing Malware (Carlos Mario Penagos)
• 0 Days For Dinner (Carlos Mario Penagos)
• Detecting network intrusions Beyond the IDS (Roberto Martinez)

To access the complete list of presentations can be accessed at this link.

The trainings to be given during the event are:

• The Hacking Day Plus - Cracking without Secrets (Alfonso Deluque)
• Web Hacking (Matias Katz)
• Hacking Network (Matias Katz)
• Basic Training for the creation of exploits (Carlos Mario Penagos)
• Lockpicking & Physical Security, from novice to master (Deviant Ollam)
• Safety Practices in Corporate Environments (Lorenzo Martinez Rodriguez)
• Metasploit For Penetration Testers (Leonardo Pigñer)

To access the complete list of trainings (and sign up to them) can do so at this link.

To sign up for my trainings, you can do it at this link.

The truth is that it's going to be a fantastic event, with Hacking, friends, music, beer and lots of fun

I want to specially thank the communities of The Day Hacking and DragonJAR for inviting me to participate, and congratulate them for the incredible announcement that they are achieving with this event.

Again, they've successfully demonstrated that the Colombian IT Security community is huge and very strong

See you there!!

Mkit Argentina is back with everything in 2012!!

Here are the best IT Security events in March:

GratuitoFree Computer Forensics Course

In this course the attendees will learn the secrets of virtualization in forensic environments, for investigation and results presentations.

Speaker: Ing. Gustavo Daniel Presman -CCE - EnCE - FCA - NPFA - EnCI             

Date

Thursday, March 15th, 2012, from 6:30 pm until 9:30 pm (GMT-3, Argentina)

Signup and more information: http://www.mkit.com.ar/eventos/forense/

Free Ethical Hacking Course

In this course we will cover the hottest Hacking techniques, by performing them in a practical lab

Topics

Speaker:

Matias Katz

Dates

March Tuesday 6th and Thursday 8th, 2012, from 6:30 pm until 10 pm (GMT-3, Argentina)

Signup and more information: http://www.mkit.com.ar/eventos/hacking/

Wargame Extreme!!

The first WARGAME EXTREME of the year comes to Mkit Argentina!!

Test your Hacking knowledge in this amazing computer challenge!!

Have fun discovering the access path and reach the final objective!!

Date

Friday March 2nd, 2012, from 6:30 pm until 10 pm (GMT-3, Argentina)

Signup and more information: http://www.mkit.com.ar/eventos/wargame/

See you there!!

Source: Mkit Argentina Blog

The title refers to SET (Social Engineering Toolkit), as proven repeatedly and sometimes acts as a platform facebook spread of phishing.

Again, we observed a modest, permissive design error by Facebook that allow an attacker to generate a vector for the spread of phishing. Again, there are no reports so far on the misuse of this feature.
Previously published an article that is directly related to this attack: Social Engineering via "I like" button, if not read it yet, we invite you to do a quick review to a better understanding of the possible combinations.

As detailed in the previous article, an attacker can make the design decision to increase the reliability and reputation of a note, and then modify it and post links to malicious content in it. In this particular case we add the possibility of generating 2 new additives that make it "striking" the note when you click on a link course harmless.

First, we can insert photos in the note, something known long ago. In our case we were able to insert the image from an external URL using HTML code on the note.

Example:

<img SRC="http://www.mkit.com.ar/imagen.jpg" alt="imagen"></img>

Second, through trial and error, we insert a "a href" with the possibility of moficar name hyperlink.

Example:

<a href="http://www.dominiomalicioso.com/malware.exe">http://www.mkit.com.ar/blog</a>

Again, an attacker can "hide" Thanks to these features, the redirection to a contaminated site or with an elaborate hoax to make the user to fall into their trap.

In routine testing of the operation of "Possible" attack, we see certain behavior:

1. If you share the note on the wall and, if added as a hyperlink name the expression "http://", and try to click on the link of note in the wall, you will be redirected to the site says the NAME of the link no matter what the "a href". in the example above, it redirects to "http://www.mkit.com.ar/blog" instead of "http:// www.dominiomalicioso.com/malware.exe ".

   

   Wall Redirect WITH "Http://"

2. If you share the note on the wall and, if not added as no expression hyperlink name such as "http://", it appears in the publication of the wall as plain text, if you ever get into the preview of the note.

   

   Wall Redirect WITHOUT "Http://"

3. If you try to click on the hyperlink in the note, then in any way going to be directed to the point where our "a href".

   

   Redirect From Inside the Note

We may also use Short URLs to obfuscate a little reading the status bar to prevent users who pay a little more attention.

In this particular case, select a topic of current interest to see the curiosity. The redirection is done to a script within the same domain that keeps track of visitors to measure the impact it would have if we publish malicious content.

In a rough set of 300 nodes, a Monday 1:30 am, just 40 minutes of publication, this is the partial result:

As much as my contacts to trust me and know that for that reason are free of worry (I hope at least ..), create a habit on the user to supply the level of design flaws by modern applications day.

In this case, is a personal account, with few nodes. Imagine if someone's account with more than 1000 contacts were stolen! Within minutes, an attacker would be layers of stealing hundreds and hundreds of data or compromise the amount of equipment.

Possible solution:

Do not allow users to use HTML tags to create notes: Certainly, there is little "aesthetic" leave the raw URL without changing its name. However, it could be a differentiation between users "Corporate" and "Regular" and give extra permissions to the first most likely make good use of this feature.

Educate the user: Having the "Advance" phishing vector previously reported, we believe in this and in most cases, the most efficient and effective way to prevent an attack, the user and instill discipline will gradually safe practices when surfing on social networking much like any network. Reading the status bar is still extremely important before clicking on any hyperlink.

Source: Gustavo Nicolas Ogawa, from Mkit's Blog redaction

Every time we post a link, either on our wall or the wall of someone else's content is generated which Facebook calls "Preview"

After copying the link in the sector to make the publication, the preview is generated and provides information on one page which redirects to the link, read Domain Name + Forwarding link .

If we wanted, we could delete the link to the publication sector and make it look just the preview.In this way alone would be enough to click on the image preview or Link to be redirected.

In the same way, we could post malicious content as Facebook allows us to Link more than 1 content by post, but only allows one preview.

As we see in the image appears in both the preview link + Hotmail, and also appears in the Comment link for Gmail.

Now, taking advantage of these facilities provided by the application and making the URL shorteners, an attacker would be able in theory, to increase the chances of getting infected by a single publication containing 3 directions:

1. Malicious link
2. The name of the alleged link to be redirected
3. Original link

Looking in detail the image with true redirect can distinguish the following:

1. Text Comment from FB.
2. Name hyperlink (Sign In).
3. Link in plain text (login.live.com).
4. Review of the page.

Looking in detail the false image redirect we can see:

1. Comment Text Short URL FB + (A PoC mode redirects to gmail.com) ---> It prompts the user to login from the link.
2. Hyperlink Name (Sign Up) ---> Sign Up If pressed, the redirection would be to the origianal site, so its modification to avoid in a way that the user clicks. Sign Up = Register.
3. Comment on the page:

If you want to log on, follow the link above or the following LINK: http://goo.gl/93aP6. To create an account SIGN UP tighten

Another example:

If you use a service to "Unzip" we cut the link produces the following result:

Featured Site: http://longurl.org/

As shown in the result, the redirection is done to http://login.liveS.com/ which is not the same as https://login.live.com/

There are 4 key factors in the attack:

• Facebook allows us to write more than 1 hyperlink per publication
• Facebook creates a "Preview" page
• Facebook in the preview, make a detail of the "name link" (manipulated)
• Facebook lets us modify the contents of the publication.

There is a negative factor in the attack:

1. The original redirect hyperlink preview CAN NOT CHANGE. Ergo, even if the attacker changes the name of the redirect link, if the user clicks on that link, it will be redirected to the original anyway.

From the Negative factor, we deduce (very easily), that the chances of effectiveness, are reduced to 50% as 2-1 link with redirection leads us to an attack site, and 1 leads us to the authentic site. However, as demonstrated in the case of Sign In / Sign Up, would achieve a diversion "semantics" of such redirection.

Of the key factors of the attack, we can deduce:

• A user easily fall into the trap of being a phishing 0 day.
• Previewing increases the reliability of the redirection
• Facebook it increases the reliability of the publication
• The "Link Name" is the second key to phishing because we can change at will, thus increasing the reliability provided by the user to click.

To avoid falling victim to a phishing scam of this nature, we recommend a conscious use of social networks. Do not trust everything it seems.

- Read carefully the status bar posing the mouse over the hyperlink to see the direction it points.

- If it is a "Short URL" enter somewhere expansion redirection links to view original.

Source: Gustavo Nicolas Ogawa, from Mkit's Blog Redaction

As I told you a few weeks ago, I've just finished my talk at the Hack X Colombia community event, which took place in Bogotá and Medellín.

On this talk, I spoke about the typical Web security attacks, including SQL Injection and Cross-Site Scripting (XSS). Unfortunately, because of timing issues I wasn't able to finish the talk, and were only able to speak about the first subject.

However, the talk was carried on perfectly fine and the people received me wonderfully.

I'd like to thank the event organization for allowing me to participate, and all of the assistants for staying during my talk.

For those of you who wish to see the talk, here is the link:

https://mkit.webex.com/mkit/ldr.php?AT=pb&SP=MC&rID=96630287&rKey=e0643df9e3428292

You'll have to install the WebEx Client, at the following link: http://www.webex.com/play-webex-recording.html

Here is the PDF presentation of the talk (Spanish):  Hack_X_Colombia_-_Seguridad_Web

See you next time!

From Colombia we meet again with another community event, related to hacking. Just like in 1 Hack for the kids, the event I'm talking about is Hack X Colombia, an event organized by experts and professionals in information security issues, hacking and related technologies, with the purpose of collaborating with communities that support kids in disability and limited resources in Colombia.

Unlike the event in Argentina, this one will have a fee. However, the purpose is the same, to help needed children, so the philanthropic soul remains

The event will be held on October 8th, 2011, in both Bogotá and Medellín.

Link to the event (Spanish): http://www.hackxcolombia.org/

Saturday, September 17th was Software Freedom Day, the most important event regarding the Free Software movement. This event is held in many countries world-wide and has an importat approach to the users of these platforms, as well as Closed Software users, whether they are end-users, enterprise or government.

Argentina won't stay behind and will held the event on this saturday, September 24th at the University of Buenos Aires, Economics faculty.

All type of talks will be given about free platforms, including SugarCRM, Firefox, and many more.

From 4 PM to 6 PM (GMT-3) I will be giving a talk/workshop with Federico Pacheco about Hacking Linux, on which we will overview the different ways to take over a system and make live demonstrations.

If you're interested in participating in the workshops, you must bring a laptop with a Virtual Machine running Debian 6 installed by default. You should also brin the installation ISOs.

The image you must use is the following:

http://cdimage.debian.org/debian-cd/6.0.2.1/i386/iso-cd/debian-6.0.2.1-i386-CD-1.iso

*** CORRECTED ***

You will also need to download a copy of Damn Small Linux:

http://gd.tuwien.ac.at/opsys/linux/damnsmall/current/dsl-4.4.10.iso

*** CORRECTED ***

We will be able to take control of the system in different ways, bypassing all the controls the Operating System provides.

Event details:

• Place: Economics Faculty - UBA - Córdoba Avenue 2122
• Date: Saturday, September 24th
• Time: 10 AM - 6 PM (GMT-3)

Link to the event (Spanish):

http://wiki.softwarefreedomday.org/2011/Argentina/Ciudad%20Aut%C3%B3noma%20de%20Buenos%20Aires

See you there!!